{"report_id":"6607ae2e-8ba1-4932-8ad6-2d10d9698b73","version":6,"status":"done","tags":[],"date":"2026-04-20T10:31:35Z","url":{"schema":"http","addr":"coinbase-referral.jsformat.com","fqdn":"coinbase-referral.jsformat.com","domain":"jsformat.com","tld":"com"},"ip":{"addr":"92.113.16.185","port":0,"asn":47583,"as":"Hostinger International Limited","country":"Germany","country_code":"DE"},"final":{"url":{"schema":"https","addr":"coinbase-referral.jsformat.com/","fqdn":"coinbase-referral.jsformat.com","domain":"jsformat.com","tld":"com"},"title":"Coinbase Invite Referral Code Canada (Get up to $200)","dom":{"size":29139,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (29137), with no line terminators","md5":"22b1c54f66134638687175186a455620","sha1":"e1d9f4a3c39ec761b186984906cb844fd3ae4d5e","sha256":"3237315cdb7e4b252a2000795390528cdf34123a17ff1f34f44fc191f127117b","sha512":"11418c91682c5bae11a98e34d18a239eb6df8237ef8264376b00d3af06ffa060aff8afd1eae61f18aca20cd024563d7190f605bbbc9cbe1194ba1a2cabd7f9b7","ssdeep":"384:EI5xOnDE7MYbXXUFXrSnzHEb4Hc8Wqo1CP:EIunDE7MY7UFqzHE4Hc8Wqo1s","tlshash":"ced2eaa93b1424b8ac9f522db27bba9e73319011c36384e4b0de9190a7c7d530d66fdd","dom_hash":"domhash9b9a8f95556c1d1575b6fa131b10c2d6","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"coinbase-referral.jsformat.com","fqdn":"coinbase-referral.jsformat.com","domain":"jsformat.com","tld":"com"},"ip":{"addr":"92.113.16.185","port":0,"asn":47583,"as":"Hostinger International Limited","country":"Germany","country_code":"DE"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-25T10:31:35Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"coinbase-referral.jsformat.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"coinbase-referral.jsformat.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"coinbase-referral.jsformat.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"coinbase-referral.jsformat.com","ip":{"addr":"92.113.16.107","port":443,"asn":47583,"as":"Hostinger International Limited","country":"Germany","country_code":"DE"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-04-20T10:31:35.266824Z","last_seen":"2026-04-20T10:31:35.266824Z","alert_count":6,"request_count":2,"received_data":34508,"sent_data":966,"comment":"","tags":null,"fingerprints":[{"name":"Hostinger CDN","description":"Hostinger Content Delivery Network (CDN).","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["CDN"]},{"name":"Bootstrap:3.3.7","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"PHP:8.2.30","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"coinbase-referral.jsformat.com/","fqdn":"coinbase-referral.jsformat.com","domain":"jsformat.com","tld":"com"},"ip":{"addr":"92.113.16.107","port":443,"asn":47583,"as":"Hostinger International Limited","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":true,"md5":"eea31992f80f6b773313b4bd8c3c358b","sha1":"801bbf49d8f394aabbfe9654f55b5b5ada4b8d59","sha256":"d4d7d0f1a5e8f5a7fda739bf553ce6331ebe45c10192f314ba1e7059e2772806","sha512":"38dea5624015cc1ab244964250763e31d59b26651bf511a6d84497fdde196a79e1a93545ac2aff1112dbcc5ae076f85f6e99ba1babe16c396da9624cc76552d7","ssdeep":"192:yUFicWwb/Hi1dcBcFXc8HEbx6eNKN2hCfBYMMJeNb0XU0Cg:yUFXrSnzHEb4Hc8Wqo1Cg","tlshash":"a702f8b83925717796eb732be45f728db672342b92412021d02d85ad3c30e2f957ecd8","size":8221,"data":"","first_seen":"2025-12-12T14:44:26.038664Z","last_seen":"2026-04-20T10:31:39.319648Z","times_seen":35,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"coinbase-referral.jsformat.com/favicon.ico","fqdn":"coinbase-referral.jsformat.com","domain":"jsformat.com","tld":"com"},"ip":{"addr":"92.113.16.107","port":443,"asn":47583,"as":"Hostinger International Limited","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coinbase-referral.jsformat.com/","date":"2026-04-20T10:31:14.189Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coinbase-referral.jsformat.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 12:18:55 GMT","end":"Sat, 18 Jul 2026 12:18:54 GMT"},"fingerprint":{"sha1":"A6:D3:8C:CB:96:33:5F:3B:6E:55:C3:54:AA:5F:42:00:E7:6E:0A:C2","sha256":"C0:FF:DE:2B:BC:7C:AB:97:4A:FA:EE:49:16:C7:D3:E7:D4:A2:37:FE:D9:60:3E:B1:B2:F3:87:D1:D0:9D:E3:CA"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: coinbase-referral.jsformat.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://coinbase-referral.jsformat.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ndate: Mon, 20 Apr 2026 10:31:14 GMT\r\ncontent-type: text/html\r\ncontent-length: 1626\r\nlast-modified: Tue, 22 Apr 2025 07:57:10 GMT\r\netag: \"119f-68074bd6-26e1064d10a7233;br\"\r\ncontent-encoding: br\r\ncontent-security-policy: upgrade-insecure-requests\r\nplatform: hostinger\r\npanel: hpanel\r\nserver: hcdn\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-hcdn-request-id: 32269932ba0f9a5e1e582c86eaa283d5-fra-edge2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Hostinger CDN","description":"Hostinger Content Delivery Network (CDN).","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["CDN"]},{"name":"Bootstrap:3.3.7","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]}],"data":{"size":4511,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (371)","md5":"b16e9097fc7d3af8ebfcfce7aba0a42d","sha1":"2af3c8408b8445fe81d9a7c8d7cc8e8a05bf80f5","sha256":"e7db95c97a5d45787cc3e40cbcb93b748fefc65bc14e162c746e37f979861729","sha512":"53a7a2c276fbc5159231c162eb863504448515f1a078832b81f1bffeedb1c82932810b66748fd4111d1b8fb866622a5cc63e79e497227b611c90886ba45d3f3b","ssdeep":"96:tr+ulojsBwJG8YqVcqHL/GSrrLc1VhrJuzeK:tyoasBwJG8nVjaSeVhrJgeK","tlshash":"0891f88f25f381452603c99037f9b61499554007f685eca8bdee9228cfc4b8a41e3bdc","first_seen":"2025-04-22T08:45:29.599713Z","last_seen":"2026-04-20T16:14:44.133918Z","times_seen":28079,"resource_available":true,"data":null}},"time_used":303,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":303,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"coinbase-referral.jsformat.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"coinbase-referral.jsformat.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"coinbase-referral.jsformat.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coinbase-referral.jsformat.com/","fqdn":"coinbase-referral.jsformat.com","domain":"jsformat.com","tld":"com"},"ip":{"addr":"92.113.16.107","port":443,"asn":47583,"as":"Hostinger International Limited","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-20T10:31:13.587Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coinbase-referral.jsformat.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 19 Apr 2026 12:18:55 GMT","end":"Sat, 18 Jul 2026 12:18:54 GMT"},"fingerprint":{"sha1":"A6:D3:8C:CB:96:33:5F:3B:6E:55:C3:54:AA:5F:42:00:E7:6E:0A:C2","sha256":"C0:FF:DE:2B:BC:7C:AB:97:4A:FA:EE:49:16:C7:D3:E7:D4:A2:37:FE:D9:60:3E:B1:B2:F3:87:D1:D0:9D:E3:CA"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: coinbase-referral.jsformat.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 20 Apr 2026 10:31:13 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nx-powered-by: PHP/8.2.30\r\ncontent-encoding: br\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nserver: hcdn\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-hcdn-request-id: 3648e4c7b65798fbd238fcdd43bb7765-fra-edge2\r\nx-hcdn-cache-status: DYNAMIC\r\nx-hcdn-upstream-rt: 0.289\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"PHP:8.2.30","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Hostinger CDN","description":"Hostinger Content Delivery Network (CDN).","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["CDN"]}],"data":{"size":29170,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (29167)","md5":"7cdde5adc94f6dda427a4444b963008c","sha1":"e7c6d0bc47336f57f0b621ed38d93bca34e7c636","sha256":"442d81b75f443dcf5850b2f467aafb628e1512cba04417d84abc5cce099335ee","sha512":"947663bac652a4e13e8e56fd680e67b040126c70fa49c19dfbe303bb22457be046a410d61af4d981315e5aa6e0ec2e16ddab26ad5195c236ec5c011fc8426159","ssdeep":"384:ZI5xOnDE7MYbXGUFXrSnzHEb4Hc8Wqo1CP:ZIunDE7MYaUFqzHE4Hc8Wqo1s","tlshash":"5ed2e9a93b1424b8ac9f523db27bba9eb3319011c35384e4b0de9190a7c7d530966fdd","first_seen":"2026-04-20T10:31:39.316761Z","last_seen":"2026-04-20T10:31:39.316761Z","times_seen":1,"resource_available":true,"data":null}},"time_used":516,"timings":{"blocked":97,"dns":42,"connect":20,"send":0,"wait":322,"receive":0,"ssl":31},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"coinbase-referral.jsformat.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-20","alert":"Phishing Block","trigger":"coinbase-referral.jsformat.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-20","alert":"Sinkholed","trigger":"coinbase-referral.jsformat.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}